Greek shipping firm Optima Shipping Services has entered the cyber-security space by launching a specialised company to address gaps in the domestic maritime industry
Optima has partnered with Greece-based firms TicTac Cyber Security and Crimelab to establish Optima Cyber, responding to the rising number of cyber attacks targeting shipping companies in recent years.
Optima Cyber aims to enhance cyber-security awareness and resilience in the maritime sector by offering tailored solutions that address vulnerabilities at both corporate and vessel levels.
The newly launched entity will also focus on proactive threat monitoring, risk assessments, ransomware incident response and business recovery strategies.
Cyber security cannot be overlooked
With several high-profile cyber incidents affecting major maritime organisations, cyber security can no longer be viewed as a purely technological issue.
“While awareness of cyber-security risks has improved, there remains a gap between recognition and proactive implementation of robust cyber-security measures,” Optima Shipping Services head of market analysis and decarbonisation strategies Angelica Kemene told Riviera.
“Many companies acknowledge the threats, especially following high-profile incidents, but practical defences and training are often lacking,” she added.
TicTac co-founder Panagiotis Pierros noted while awareness and preparation have improved over the years, new attack vectors and emerging threats have raised the stakes, requiring heightened vigilance.
According to Ms Kemene, recent cyber attacks have highlighted ransomware, phishing schemes targeting both crew and shore-based personnel, and vulnerabilities in operational technology systems that can disrupt vessel operations as the most prominent threats.
Regulatory challenges and compliance gaps
Beyond cyber-security threats, Optima Cyber will also help shipping companies to achieve regulatory compliance.Notably, while the current regulatory framework for cyber-security incidents in shipping is important in principle, stakeholders have often criticised it as vague.
“Most guidelines are generic and sometimes vague, but existing threats are driving companies forward,” said Mr Pierros.
Ms Kemene pointed out while the IMO Resolution MSC.428(98) and related guidelines (such as /Circ.3) mandate the integration of cyber-security risk management into safety management systems, enforcement mechanisms remain weak.
Although classification societies and flag states have introduced additional guidelines – such as the IACS Unified Requirements /E27 – compliance remains inconsistent across the industry. “The real challenge lies in translating regulatory requirements into concrete, proactive measures on board and ashore,” Ms Kemene added.
She also emphasised the role of flag states in strengthening industrywide cyber resilience, with clearer auditing procedures.
However, stricter cyber-security regulations appear to be on the horizon. Measures such as the EU’s Digital Operational Resilience Act and the NIS2 Directive indicate greater compliance requirements and more detailed regulations will be introduced in the coming years, Mr Pierros noted.
The European Union Agency for Cybersecurity 2024 threat landscape highlighted the increasing number of incidents faced by the EU transport, which was the second-most targeted sector.
